CVE-2026-23246Out-of-bounds Write in Linux

CWE-787Out-of-bounds Write9 documents8 sources
Severity
8.8HIGHNVD
EPSS
0.0%
top 93.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 18

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration link_id is taken from the ML Reconfiguration element (control & 0x000f), so it can be 0..15. link_removal_timeout[] has IEEE80211_MLD_MAX_NUM_LINKS (15) elements, so index 15 is out-of-bounds. Skip subelements with link_id >= IEEE80211_MLD_MAX_NUM_LINKS to avoid a stack out-of-bounds write.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

Linuxlinux/linux_kernel6.5.06.6.130+3
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linux8eb8dd2ffbbb6b0b8843b66754ee9f129f1b2d6c650981e718e68005ca2760a6358134b8a98ebea4+5

🔴Vulnerability Details

4
CVEList
wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration2026-03-18
OSV
wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration2026-03-18
OSV
CVE-2026-23246: In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration link_id is ta2026-03-18
GHSA
GHSA-g43x-jrqr-j62r: In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration link_id is2026-03-18

📋Vendor Advisories

3
Red Hat
kernel: Linux kernel: Denial of Service in mac80211 Wi-Fi due to out-of-bounds write2026-03-18
Microsoft
wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration2026-03-10
Debian
CVE-2026-23246: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23246 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23246 — Out-of-bounds Write in Linux | cvebase